Living QR - THCon CTF

This was a steganography challenge from THCon CTF where we were given a qr .gif image. When I tried to view it, multiple QR’s were being loaded in a few milliseconds gap. I solved this challenge using imagemagick and zbarimg. First, I used imagemagick to get all single QR’s from the given .gif, and then ran zbarimg to get characters from each file, and when I put all characters together I got the flag.
Read more →

You Can’t C Me - Hackthebox

Greetings everyone! This is one of the easy challenges from Hackthebox. I will explain how we can solve this challenge using radare2. Here, Name of the binary is auth. First, let’s load the binary in debug mode with radare2: $ r2 -d ./auth We can list all available strings using iz command. Also let’s see the information of binary using iI command. We can see that binary is stripped, but other protection mechanisms like canary is turned off.
Read more →